RE: Avoiding GET in CGIs


No such thing as a small change
	PerlMonks

RE: Avoiding GET in CGIs

by merlyn (Sage)

on Jul 13, 2000 at 17:57 UTC ( [id://22379]=note: print w/replies, xml )

Need Help??

in reply to Avoiding GET in CGIs

First, you can handle this entirely in the .htaccess file or equivalent, at least in Apache, by making it deny from all for method GET HEAD, as in (untested):

<Files foo bar>
<Method GET HEAD>
order deny, allow
deny from all
</Method>
</Files>
[download]

Second, preventing anything but POST means I just have to write a script, and still won't need to go through your page. perldoc lwpcook shows how trivial it is to write such a program.

My advice (free, and worth every penny!): give it up. Artificial restrictions like this will always be worked around. I know, I've worked around a number myself. It's the illusion of control or security, and just that: an illusion.

-- Randal L. Schwartz, Perl hacker

Comment on RE: Avoiding GET in CGIs Download Code

Replies are listed 'Best First'.
RE: RE: Avoiding GET in CGIs by Michalis (Pilgrim) on Jul 14, 2000 at 00:57 UTC
I'm aware that if someone REALLY wants to overcome these restrictions, he may do it through literaly thousands of ways. As a matter of fact I've done it a couple of times (yes, with LWP :-) I was actually talking about the "average" site user (if such a thing exists...). By the way, thanks for the .htacess solution, it's much cleaner.	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://22379]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others cooling their heels in the Monastery: (5)

As of 2025-04-25 12:31 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?

	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.